views: 50

answers: 2
I am creating a web application and I am at the point where I am starting to make backend choices. Now there are a lot of ways to go with this, so I am looking for some good points and best practices.

Some of the questions I have involve:

  • Should I make a separate table in the db for admin users
  • Should I extend some classes to load the admin data and the normal data, or make separate classes for the admin section
  • Where can I get some information on making different types of users
  • Just some best practices for a backend

My application is written in PHP with a MySQL database.

A: 

Keeping a separate table for admin users is nice, but only if those admin users aren't "regular" users as well - otherwise you'll step on your own toes trying to keep usernames/IDs unique but somewhat connected.

A couple of things to consider:

  • Apache authentication (or Windows accounts on IIS) for admin users. Separate system entirely, but allows for overlap - a regular user can be a regular user, but they can't access any admin functionality until they authenticate through the browser. Works fine if you only have a couple specific kinds of user role (e.g. member & administrator only).

  • All users in one table, but with roles and permissions separate. This is the most flexible because you can get as granular as you need. For example, any user can "post comments," while an admin can "delete comments" and "ban users," but a moderator can only "suspend comments" and "mute users." As you add new features, it's simply a matter of implementing some new permissions & assigning them to the roles. Drupal's access control does this really well, worth a close look.

tadamson
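The "all users in one table, roles and permissions separate" layout from the second bullet above, as an added MySQL example (not code from the answer's author): the table and column names are my own choice, the permissions are the ones the answer lists, and user id 42 is a constructed sample value.

```sql
-- One users table; roles and permissions live in their own tables.
CREATE TABLE users (
  id            INT AUTO_INCREMENT PRIMARY KEY,
  username      VARCHAR(64)  NOT NULL UNIQUE,
  password_hash VARCHAR(255) NOT NULL
);
CREATE TABLE roles (
  id   INT AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(32) NOT NULL UNIQUE
);
CREATE TABLE permissions (
  id   INT AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(64) NOT NULL UNIQUE
);
CREATE TABLE role_permissions (
  role_id       INT NOT NULL,
  permission_id INT NOT NULL,
  PRIMARY KEY (role_id, permission_id),
  FOREIGN KEY (role_id)       REFERENCES roles(id),
  FOREIGN KEY (permission_id) REFERENCES permissions(id)
);
CREATE TABLE user_roles (
  user_id INT NOT NULL,
  role_id INT NOT NULL,
  PRIMARY KEY (user_id, role_id),
  FOREIGN KEY (user_id) REFERENCES users(id),
  FOREIGN KEY (role_id) REFERENCES roles(id)
);

INSERT INTO roles (name) VALUES ('member'), ('moderator'), ('admin');
INSERT INTO permissions (name) VALUES
  ('post_comments'), ('suspend_comments'), ('mute_users'),
  ('delete_comments'), ('ban_users');

-- member: post; moderator: post + suspend + mute; admin: everything.
-- Adding a feature later = one new permission row + one mapping row per role.
INSERT INTO role_permissions (role_id, permission_id)
SELECT r.id, p.id FROM roles r CROSS JOIN permissions p
WHERE (r.name = 'member'    AND p.name = 'post_comments')
   OR (r.name = 'moderator' AND p.name IN ('post_comments', 'suspend_comments', 'mute_users'))
   OR (r.name = 'admin');

-- Server-side authorization check, run on every admin request (not just to
-- hide a menu): does user 42 hold 'delete_comments'? Returns one row or none.
SELECT 1
FROM user_roles ur
JOIN role_permissions rp ON rp.role_id = ur.role_id
JOIN permissions p       ON p.id = rp.permission_id
WHERE ur.user_id = 42 AND p.name = 'delete_comments'
LIMIT 1;
```

Because the check keys on the permission name rather than the role, the "delete comments" code path never needs to change when a new role is granted that permission.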
A: 

A good way to do it is to add a new field in the users table for 'rank' in order to differentiate between regular users and staff members, and possibly between the different staff member levels such as moderator, admin, etc. if you need it. Because an administrator should be able to perform all functions that a user can, use

class Admin extends User { }

if you want to add additional functionality specific to staff members.

As for backend functions, that depends on how your site is set up. If you're using a framework, you can just add new functions to existing controllers and restrict access only to users with a certain rank.

For example, you might have a controller for ForumPost objects, but calling the ForumPost delete() function would require the user to be a forum moderator.

If you're not using a framework, you'll probably have to make your own pages for each backend function you need.

Lotus Notes